Windows Server slaps updates on this menacing security issue

Unveiling vulnerabilities and measures to counter cyber threats.

News

Reading time icon 2 min. read

Calendar icon Published on

by Rafly Gilang 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Microsoft announces crucial security changes for Windows Server.
  • It addresses Netlogon vulnerabilities and enforces stronger security measures.
  • Here are key updates and everything you need to know.

Microsoft has announced upcoming changes to the security hardening measures for Netlogon and Kerberos in Windows Server, will be in place on July 11, 2023. 

These changes aim to address vulnerabilities in the Netlogon protocol when remote procedure call (RPC) signing is used instead of RPC sealing, as noted from Microsoft’s release health note

For context, The Netlogon RPC interface plays a crucial role in maintaining the relationships between devices, domains, and domain controllers (DCs) in a Windows Server environment. These vulnerabilities affect all machine accounts that are joined to a domain.

It is important to note that recent Windows updates released after April 11, 2023, have introduced two significant changes that may impact the testing and deployment processes related to security hardening. 

First, the guidance regarding a group policy object (GPO) setting that allowed individual accounts to be excluded from the hardening process has been removed. 

After a thorough investigation, Microsoft said that this setting was not an effective workaround for certain scenarios involving hardening changes. Consequently, the tech giant has cleared the related guidance from the KB documentation.

Additionally, there are certain scenarios that were not initially affected by the hardening changes in the November 8, 2022 update. They will now be addressed with the April 11, 2023 updates. 

As a result, users may observe the logging of Netlogon EventIDs 5838 and/or 5839 after installing the April 11th update.

Windows Server security updates: What should I do now?

To ensure the security of their environments, Microsoft says that IT administrators should install Windows updates dated April 11, 2023, or later on all devices, including DCs. We always recommend regularly updating devices with the latest Windows versions to maintain optimal security.

Beginning July 11, 2023, Windows updates will fully enforce RPC sealing requirements. As IT administrators, you should conduct thorough testing by enabling the hardening changes before this date.

By implementing these security enhancements, Redmond officials also aim to strengthen the overall security posture of Windows Server environments and mitigate potential vulnerabilities in the Netlogon and Kerberos protocols.

And, as always, you can enhance the security of your Windows devices and protect against potential vulnerabilities by staying vigilant and promptly implementing the necessary updates. 

What do you think about this recent move by Microsoft to launch security updates for Windows Server? Let us know in the comments!

More about the topics: windows servers

Rafly Gilang

Rafly Gilang Shield

Rafly is a journalist with growing experience, ranging from technology, business, social, and culture. A holder of the Romanian government scholarship, his writing has been published in several local and national publications.